Cross-Site Scripting Vulnerabilities in IBM Web Experience Factory
CVE-2011-5048

Currently unrated

Key Information:

Vendor: IBM
Status: Web Experience Factory
Vendor: CVE Published:; 3 January 2012

What is CVE-2011-5048?

The IBM Web Experience Factory versions 7.0 and 7.0.1 are susceptible to multiple cross-site scripting vulnerabilities. Attackers can exploit these weaknesses by injecting arbitrary web scripts or HTML through vulnerable text input and textarea elements. This issue arises from the interaction between the Smart Refresh feature and Dojo, allowing unauthorized access to sensitive data and potential compromise of user sessions.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1LO65984

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1LO65985

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/72115

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2012
Vulnerability Reserved
Jan 3, 2012